Privacy Policy

Back

Protection of Personal Information Act (POPIA) Compliance

Last Updated: April 15, 2026

This privacy policy explains how BikeAbout collects, uses, and protects your personal information in compliance with South Africa's Protection of Personal Information Act (POPIA).

1. Information We Collect

We collect the following personal information when you enter cycling events:

  • Personal Details: Name, surname, email address, contact number, date of birth, gender, ID number
  • Racing Information: CSA license number, racing category, event preferences
  • Emergency Contact: Emergency contact name, number, and relationship to you
  • Medical Information (Special Personal Information): Medical aid provider and number (optional), medical conditions (diabetes, epilepsy, heart conditions, asthma), known allergies, emergency medication details, medical fitness confirmation
  • Location Data: Province/region
2. How We Use Your Information

Your personal information is used for:

  • Race Administration: Processing entries, managing participants, calculating fees
  • Safety & Emergency Response: Medical information for emergency situations
  • Communication: Event updates, changes, and important announcements
  • Regulatory Compliance: Meeting cycling federation requirements
  • Payment Processing: Managing entry fees and refunds
  • Event Results: Publishing race results which may include your name, surname, bib/race number, racing category, age group, club/team (if provided), and finish times/positions
3. Data Sharing

We may share your information with:

  • Race Organizers: For legitimate race management purposes, event administration, and event communications (operational necessity)
  • Medical Personnel, Race Officials, and Emergency Services: Your medical information and emergency contact details will be shared for your safety during events. This requires your explicit consent for Special Personal Information as required by POPIA.
  • Cycling Federations: For regulatory compliance and license validation
  • Timing Companies: For timing, results processing, and results publication
  • Authorities: When required by law or for safety reasons
4. Data Security

We implement appropriate security measures to protect your personal information:

  • Encryption: Sensitive data is encrypted at rest and in transit
  • Access Controls: Limited access to authorized personnel only
  • Audit Logging: All data access is logged and monitored
  • Regular Backups: Secure backup systems in place
5. Data Retention

We retain your personal information according to tiered retention periods based on data type and legal requirements:

  • Operational Data (90 days): Medical information, emergency contacts, dietary requirements, t-shirt sizes, and other operational data will be anonymized 90 days after the event concludes. This allows time for post-event queries while ensuring POPIA compliance. Anonymized data may be retained for statistical purposes (de-identified per POPIA).
  • Transactional Data (5 years): Financial records including invoices, payment details, and transaction logs are retained for 5 years as required by the Tax Administration Act and Companies Act. This includes your name, amount paid, invoice number, date, and VAT information (if applicable).
  • Marketing Data (until consent withdrawn): If you opt in to receive marketing communications, we retain your name, email address, and mobile number until you unsubscribe or withdraw consent.
6. Your Rights

Under POPIA, you have the right to:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Objection: Object to processing of your personal information
  • Withdraw Consent: Withdraw consent for specific processing activities
7. Consent Management

We collect explicit consent in two mandatory categories:

  • Administrative & Financial Consent (Mandatory): Required for event administration, payment processing, and event communications. This covers processing of your personal data for operational purposes, with operational data anonymized 90 days after the event and financial records retained for 5 years as required by law.
  • Medical & Safety Consent (Mandatory - Special Personal Information): Explicit consent required under POPIA for processing Special Personal Information, including medical information and emergency contact details. This information will be shared with event medical personnel, race officials, and emergency services if required for your safety during the event. This data will be anonymized 90 days after the event.

Optional Marketing Consents:

  • Race Organizer Marketing: Optional consent to receive marketing communications from the race organizer about future events and promotions. You can withdraw this consent at any time.
  • BikeAbout Platform Marketing: Optional consent to receive marketing communications from BikeAbout about future events and cycling news. You can unsubscribe at any time.
8. Contact Information

For privacy-related inquiries or to exercise your rights, contact us:

  • Email: privacy@bikeabout.co.za
  • Phone: +27 (0)82 900 8824
9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date.

Important Notice

By using our services and entering events, you acknowledge that you have read and understood this privacy policy and consent to the processing of your personal information as described herein.

Quick Links
Download

Download a copy of this privacy policy for your records.